audit: add @args to device logging functions
This commit is contained in:
Beniamino Galvani
@@ -8674,7 +8674,7 @@ reapply_cb (NMDevice *self,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (error) {
|
if (error) {
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, subject, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, subject, error->message);
|
||||||
g_dbus_method_invocation_return_gerror (context, error);
|
g_dbus_method_invocation_return_gerror (context, error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -8683,11 +8683,11 @@ reapply_cb (NMDevice *self,
|
|||||||
connection ? : (NMConnection *) nm_device_get_settings_connection (self),
|
connection ? : (NMConnection *) nm_device_get_settings_connection (self),
|
||||||
version_id,
|
version_id,
|
||||||
&local)) {
|
&local)) {
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, subject, local->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, subject, local->message);
|
||||||
g_dbus_method_invocation_take_error (context, local);
|
g_dbus_method_invocation_take_error (context, local);
|
||||||
local = NULL;
|
local = NULL;
|
||||||
} else {
|
} else {
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, TRUE, subject, NULL);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, TRUE, NULL, subject, NULL);
|
||||||
g_dbus_method_invocation_return_value (context, NULL);
|
g_dbus_method_invocation_return_value (context, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -8710,7 +8710,7 @@ impl_device_reapply (NMDevice *self,
|
|||||||
error = g_error_new_literal (NM_DEVICE_ERROR,
|
error = g_error_new_literal (NM_DEVICE_ERROR,
|
||||||
NM_DEVICE_ERROR_FAILED,
|
NM_DEVICE_ERROR_FAILED,
|
||||||
"Invalid flags specified");
|
"Invalid flags specified");
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
|
||||||
g_dbus_method_invocation_take_error (context, error);
|
g_dbus_method_invocation_take_error (context, error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -8719,7 +8719,7 @@ impl_device_reapply (NMDevice *self,
|
|||||||
error = g_error_new_literal (NM_DEVICE_ERROR,
|
error = g_error_new_literal (NM_DEVICE_ERROR,
|
||||||
NM_DEVICE_ERROR_NOT_ACTIVE,
|
NM_DEVICE_ERROR_NOT_ACTIVE,
|
||||||
"Device is not activated");
|
"Device is not activated");
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
|
||||||
g_dbus_method_invocation_take_error (context, error);
|
g_dbus_method_invocation_take_error (context, error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -8735,7 +8735,7 @@ impl_device_reapply (NMDevice *self,
|
|||||||
&error);
|
&error);
|
||||||
if (!connection) {
|
if (!connection) {
|
||||||
g_prefix_error (&error, "The settings specified are invalid: ");
|
g_prefix_error (&error, "The settings specified are invalid: ");
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
|
||||||
g_dbus_method_invocation_take_error (context, error);
|
g_dbus_method_invocation_take_error (context, error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -8865,7 +8865,7 @@ disconnect_cb (NMDevice *self,
|
|||||||
|
|
||||||
if (error) {
|
if (error) {
|
||||||
g_dbus_method_invocation_return_gerror (context, error);
|
g_dbus_method_invocation_return_gerror (context, error);
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, NULL, subject, error->message);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -8874,7 +8874,7 @@ disconnect_cb (NMDevice *self,
|
|||||||
local = g_error_new_literal (NM_DEVICE_ERROR,
|
local = g_error_new_literal (NM_DEVICE_ERROR,
|
||||||
NM_DEVICE_ERROR_NOT_ACTIVE,
|
NM_DEVICE_ERROR_NOT_ACTIVE,
|
||||||
"Device is not active");
|
"Device is not active");
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, local->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, NULL, subject, local->message);
|
||||||
g_dbus_method_invocation_take_error (context, local);
|
g_dbus_method_invocation_take_error (context, local);
|
||||||
} else {
|
} else {
|
||||||
nm_device_set_autoconnect_intern (self, FALSE);
|
nm_device_set_autoconnect_intern (self, FALSE);
|
||||||
@@ -8883,7 +8883,7 @@ disconnect_cb (NMDevice *self,
|
|||||||
NM_DEVICE_STATE_DEACTIVATING,
|
NM_DEVICE_STATE_DEACTIVATING,
|
||||||
NM_DEVICE_STATE_REASON_USER_REQUESTED);
|
NM_DEVICE_STATE_REASON_USER_REQUESTED);
|
||||||
g_dbus_method_invocation_return_value (context, NULL);
|
g_dbus_method_invocation_return_value (context, NULL);
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, subject, NULL);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, NULL, subject, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -8934,12 +8934,12 @@ delete_cb (NMDevice *self,
|
|||||||
|
|
||||||
if (error) {
|
if (error) {
|
||||||
g_dbus_method_invocation_return_gerror (context, error);
|
g_dbus_method_invocation_return_gerror (context, error);
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, subject, error->message);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, NULL, subject, error->message);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authorized */
|
/* Authorized */
|
||||||
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, subject, NULL);
|
nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, NULL, subject, NULL);
|
||||||
if (nm_device_unrealize (self, TRUE, &local))
|
if (nm_device_unrealize (self, TRUE, &local))
|
||||||
g_dbus_method_invocation_return_value (context, NULL);
|
g_dbus_method_invocation_return_value (context, NULL);
|
||||||
else
|
else
|
||||||
|
|||||||
@@ -302,11 +302,11 @@ _nm_audit_manager_log_generic_op (NMAuditManager *self, const char *file, guint
|
|||||||
void
|
void
|
||||||
_nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
_nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
||||||
const char *func, const char *op, NMDevice *device,
|
const char *func, const char *op, NMDevice *device,
|
||||||
gboolean result, gpointer subject_context,
|
gboolean result, const char *args, gpointer subject_context,
|
||||||
const char *reason)
|
const char *reason)
|
||||||
{
|
{
|
||||||
gs_unref_ptrarray GPtrArray *fields = NULL;
|
gs_unref_ptrarray GPtrArray *fields = NULL;
|
||||||
AuditField interface_field = { }, ifindex_field = { };
|
AuditField interface_field = { }, ifindex_field = { }, args_field = { };
|
||||||
int ifindex;
|
int ifindex;
|
||||||
|
|
||||||
g_return_if_fail (op);
|
g_return_if_fail (op);
|
||||||
@@ -324,6 +324,11 @@ _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint l
|
|||||||
g_ptr_array_add (fields, &ifindex_field);
|
g_ptr_array_add (fields, &ifindex_field);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (args) {
|
||||||
|
_audit_field_init_string (&args_field, "args", args, FALSE, BACKEND_ALL);
|
||||||
|
g_ptr_array_add (fields, &args_field);
|
||||||
|
}
|
||||||
|
|
||||||
_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
|
_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -83,13 +83,13 @@ gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);
|
|||||||
} \
|
} \
|
||||||
} G_STMT_END
|
} G_STMT_END
|
||||||
|
|
||||||
#define nm_audit_log_device_op(op, device, result, subject_context, reason) \
|
#define nm_audit_log_device_op(op, device, result, args, subject_context, reason) \
|
||||||
G_STMT_START { \
|
G_STMT_START { \
|
||||||
NMAuditManager *_audit = nm_audit_manager_get (); \
|
NMAuditManager *_audit = nm_audit_manager_get (); \
|
||||||
\
|
\
|
||||||
if (nm_audit_manager_audit_enabled (_audit)) { \
|
if (nm_audit_manager_audit_enabled (_audit)) { \
|
||||||
_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
|
_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
|
||||||
(op), (device), (result), (subject_context), (reason)); \
|
(op), (device), (result), (args), (subject_context), (reason)); \
|
||||||
} \
|
} \
|
||||||
} G_STMT_END
|
} G_STMT_END
|
||||||
|
|
||||||
@@ -114,6 +114,7 @@ void _nm_audit_manager_log_generic_op (NMAuditManager *self, const char *file
|
|||||||
|
|
||||||
void _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
void _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
||||||
const char *func, const char *op, NMDevice *device,
|
const char *func, const char *op, NMDevice *device,
|
||||||
gboolean result, gpointer subject_context, const char *reason);
|
gboolean result, const char *args, gpointer subject_context,
|
||||||
|
const char *reason);
|
||||||
|
|
||||||
#endif /* __NM_AUDIT_MANAGER_H__ */
|
#endif /* __NM_AUDIT_MANAGER_H__ */
|
||||||
|
|||||||
Reference in New Issue
Block a user